|
LiveFeed is Mailshell's
real-time reputation data feed service that combines
increased throughput with improved detection rates
to deliver more accurate, complete and up-to-date
protection. Unlike other "reputation" systems that
are simply IP blacklists, LiveFeed quantifies reputations
for IPs, domains and URLs, and provides a trust rating
and numerical score for each.
Mailshell collects data
from around the world, via its network of OEM partners,
statistics gathered from LiveReport software modules,
data sharing partnerships and our collaborative network
of end-users. Mailshell gathers, aggregates, and synthesizes
hundreds of millions of data points per day to provide
a comprehensive view of new outbreaks and changing
reputations. The resulting LiveFeed data is available
via near real-time queries to Mailshell's OEM partners,
either as a stand-alone service or from within the
Mailshell SDK.
LiveFeed's Primary Benefits
Over Other 'Reputation' Services Include:
1. More than just IPs:
LiveFeed contains IPs and domains which allow for
greater depth and coverage. URLs, Sender Fingerprints,
Message Fingerprints, and others will be added in
2008.
2. Fast: LiveFeed queries
use DNS via UDP, making them far faster and more lightweight
than other services. Standard DNS caching software
like DNScache and Bind can be used to further increase
performance.
3. Detailed: Unlike other
services that provide a binary "good or bad" rating,
LiveFeed provides detailed scoring that allows OEMs
to map its results to policies. We provide web tools
to review and correct ratings.
 |
|
OEM Partners,
Live Mail Traffic Statistics, Data Sharing
Partnerships and our Collaborative Network
provide data on new outbreaks to Mailshell.
|
|
LiveFeed Complements
Other Security Solutions
1. Spam / Phishing detection:
LiveFeed's primary purpose, it catches ~85% of spam
without more 'expensive' filter checks. Compromised
servers can be detected and reported.
2. Virus / Spyware detection:
LiveFeed's database includes IPs and URLs that are
known sources of malware. LiveFeed often contains
new data, available in real-time, before other security
services have created signatures for those sites.
3. Browser plugin: LiveFeed
can warn end-users which sites are dangerous. Because
LiveFeed offers granular reputation scoring, you can
map LiveFeed scores to different policies and actions
(i.e. block, warn user, etc.). Search spam, blog spam
or social networking spam often drives users to sites
known to LiveFeed as untrustworthy.
4. IM / P2P: LiveFeed
can identify URLs, IPs or domains that should not
be trusted.
5. Traffic shaping / throttling:
Traffic can be slowed, throttled (or prioritized)
based on the associated reputation via LiveFeed.
Superior Flexibility
 LiveFeed
allows customers to query LiveFeed as a stand-alone
service independently or within the Mailshell SDK
and engine. It is the only solution that allows end
customers to customize reputation weighting. Customers
can create their own scoring policies, or benchmark
the default, aggressive, and conservative settings,
and select the detection rate that suites them best.
How LiveFeed Calculates
Traffic Reputation: The Ratio of # Spam versus # Legit
Since 2004, Mailshell led
with the original industry-wide blueprint for reputation
technologies. We track the reputation of attributes
such as:
- Every IP address and domain.
- Every URL within every message.
- Every message and/or sender fingerprint.
We also track the reputation
of related attributes such as:
- Country of origin of IP.
- Domain owner.
- Name server.
- Domain Registrar.
We track these traffic
attributes in massive databases and apply statistical
models to calculate reputation. From a high level,
LiveFeed:
- Tracks the frequency of each attribute in known
good traffic versus the frequency in bad traffic
or spam.
- LiveFeed calculates a reputation score, which
is a real number, for each attribute.
- For spam, phishing or fraud, LiveFeed combines
the reputation for each attribute into a reputation
for each associated email message.
LiveFeed Key Facts
Can be queried as a stand-alone
data service or as part of Mailshell's SDK.
- Increases spam detection by 10-15 percent.
- Alone catches 85-90 percent of rogue traffic and/or
spam, with less than 0.0001 percent false positives.
- Combats zombies and bots effectively by tracking
machines that should not be connecting to public
mail servers (home users, DSL and cable modem, etc.).
- Has the capacity to process more than 20 billion
requests per day.
- Currently has datacenters in Europe and North
America.
- Includes a network of distributed redundant servers
for 99.999% reliability.
|
